‘Juice Jacking’ Cybercriminals Use Public USB Ports to Steal Personal Data

Travellers have been advised by the Los Angeles District Attorney’s Office to avoid free USB charging stations in public areas because of a hacking technique called “juice jacking”.

This technique allows criminals to load charging areas with malware which can be transferred to mobile devices even after the user disconnects from the charging station. The malware can then be used to access personal and corporate information stored on devices of unassuming users. 

Something as innocuous as a public mobile charging station can become a risk to mobile device users. Juice jacking is a method to transfer malware planted in public USB ports at charging stations onto devices, which can linger even after the device is no longer in contact with the charging station. This is because the cable used to charge mobile devices is also a driver that can be used to transfer and sync data. The malware can then be used to access personal and corporate information stored on devices of unassuming users. A simple solution to this problem is to refrain from charging mobile devices in public areas. Only charge your mobile devices using cables and chargers that belong to you,” said Satnam Narang, Senior Research Engineer, Tenable.

Juice jacking is a type of cyber attack involving a charging port that doubles as a data connection, typically over USB. This often involves either installing malware or surreptitiously copying sensitive data from a smart phone, tablet, or other computer device.